CLAIMS 



1. A security system for controlling access to a web site from an external network and an internal network, comprising:
a security module executing on a security system, the security module for controlling access to web pages;
an external web server for servicing requests for web pages from the external network;
a site firewall for receiving requests for web pages from the external network and for forwarding legitimate requests for web pages to the external web server;
a security firewall for receiving security requests from the external web server and for forwarding legitimate security requests to the security module, the security requests relating to access of a web page; and
an internal web server for servicing requests for web pages from the internal network and for forwarding the requests to the security module without passing the requests through the security firewall;
whereby requests to access web pages that are received from the external network and the internal network are authorized by the same security module.



2. The security system of claim 1 wherein a legitimate request for a web page is an HTTP request.

3. The security system of claim 1 wherein a legitimate request for a web page is an HTTPs request.

4. The security system of claim 1 wherein the external network is the Internet.

5. The security system of claim 1 wherein the external and internal web servers include a module for interfacing to the security module.



6. The security system of claim 1 wherein the external and internal web servers implement the same web pages.

7. The security system of claim 1 wherein the security module provides authentication services.

8. The security system of claim 1 wherein the security module provides authorization services.

9. The security system of claim 1 wherein a legitimate security request is received by the security firewall through a designated IP address and port number.

10. A method in a computer system for approving access to resources provided by a server, the method comprising:
receiving requests to access resources, the requests being received from an external network and an internal network;
requesting a security module to approve each request to access a resource irrespective of whether the request was received from the external network or the internal network;
when access to the resource is approved, granting access to the requested resource
whereby requests to access resource received from either the external network or the internal network are processed by the same security module.

11. The method of claim 10 wherein the requests received from the external network are passed through a site firewall before being processed by the server and security requests generated by the server are passed through a security firewall before being processed by the security module.

12. The method of claim 11 wherein the requests received from the internal network are not passed through a site firewall or security firewall.

13. The method of claim 12 wherein the requests received from the external network and requests received from the internal network are processed by different servers.

14. The method of claim 13 wherein the servers are web servers.

15. The method of claim 10 wherein the server is a web server.

16. The method of claim 10 wherein the resources are web pages.

17. The method of claim 10 wherein the external network is the Internet.

18. The method of claim 10 wherein the security module provides authentication services.

19. The method of claim 10 wherein the security module provides authorization services.

20. A security system for controlling access to resources, comprising:
a security module for approving access to the resources;
a server for servicing requests for resources;
a site firewall for receiving requests for resources and for forwarding legitimate requests for resources to the server; and
a security firewall for receiving security requests from the server and for forwarding legitimate security requests to the security module, the security requests relating to approving access to a resource.

21. The security system of claim 20 wherein the requests for resources are received from the Internet.

22. The security system of claim 20 wherein a legitimate request for a resource is an HTTP request.

23. The security system of claim 20 wherein a legitimate request for a resource is an HTTPs request.

24. The security system of claim 20 wherein the requests are received from an external network and wherein requests that are received from an internal network are processed by a different server using the same security module, but without using the site firewall or security firewall.

25. The security system of claim 20 wherein resources are web pages.

26. The security system of claim 20 wherein the security module provides authentication services.

27. The security system of claim 20 wherein the security module provides authorization services.

28. The security system of claim 20 wherein a legitimate security request is received by the security firewall through a designated IP address and port number.

29. A method for configuring computer systems comprising:
connecting an external network to a site firewall, the site firewall for receiving requests for web pages from the external network and for forwarding legitimate requests through the site firewall;
connecting an external web server to the site firewall, the external web server for servicing legitimate requests for web pages received from the external network;
connecting a security firewall to the external web server, the security firewall for receiving security requests from the external web server and for forwarding legitimate security requests;
connecting a security module to the security firewall, the security module for receiving legitimate security requests and for approving legitimate security requests;
connecting an internal network to an internal web server, the internal web server for servicing requests for web pages received from the internal network; and
connecting the security module to the internal web server for receiving security requests and for approving the security requests
whereby requests to access web pages that are received from the external network and the internal network are approved by the same security module.

30. The method of claim 29 wherein a legitimate request for a web page is an HTTP request.

31. The method of claim 29 wherein a legitimate request for a web page is an HTTPs request.

32. The method of claim 29 wherein the external network is the Internet.

33. The method of claim 29 wherein the external and internal web servers include a module for interfacing to the security module.

34. The method of claim 29 wherein the external and internal web servers implement the same web pages.

35. The method of claim 29 wherein the security module provides authentication services.

36. The method of claim 29 wherein the security module provides authorization services.

37. The method of claim 29 wherein a legitimate security request is received by the security firewall through a designated IP address and port number.